CVE-2017-8921
In FlightGear before 2017.2.1, the FGCommand interface allows
overwriting any file the user has write access to, but not with
arbitrary data: only with the contents of a FlightGear flightplan (XML).
A resource such as a malicious third-party aircraft could exploit this
to damage files belonging to the user. Both this issue and CVE-2016-9956
are directory traversal vulnerabilities in Autopilot/route_mgr.cxx -
this one exists because of an incomplete fix for CVE-2016-9956.